Hi, Emmanuel Deloget <log...@free.fr> writes:
> Hi David, > > On Wed, Jun 21, 2017 at 11:06 PM, David Sommerseth < > open...@sf.lists.topphemmelig.net> wrote: > > <snip> > > >> But for reasons unknown to me, those tarballs got re-created somewhere >> later in the release chain. The contents of all tarballs are >> essentially the same, but due to the "nice" artefact that the tar format >> is non-deterministic on the output, even though the input is the same, >> that begins to prepare the stage for this chaos. Especially when what >> is being uploaded is partly from the initial run and then some files >> from a different run >> . >> > > It might be possible to pay with several tar options, including: > > --sort=name : sort added files by name, and not by the order specified by > the OS > --mtime=DATE-OR-FILE : set mtime of added file to a known value (either the > mtime of a file or an arbitrary date/time string). > > These two options should help --sort and --mtime seem like GNU tar options. It would be cool if whatever is used to produce the tarballs was portable to systems where the default tar program is not GNU tar. If those tar options end up being used, then it would make sense to add a knob to specify the the GNU tar program used to build the tarballs. > Both options are being used by the LEDE project which claim support of > reproducible builds for a limited list of targets (tar is used when > building packages [1]). > > [1] > https://git.lede-project.org/?p=source.git;a=blob;f=scripts/ipkg-build#l142 Since OpenVPN uses automake, I'll just mention that the automake folks also discussed reproducible tarballs: https://lists.gnu.org/archive/html/automake/2015-12/msg00012.html -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
